@lanodan@PurpCat@Moon@takao@tsugumi I try not to guess the protocol too eagerly, especially from too generic D-sub connectors, after having seen a cable with DE-9 at both ends that was not a null modem and heard sad stories about mis-connecting DB-25(M) serial extension to DB-25(F) parallel port…
@lanodan tbh, completely privileged processes should probably die. There should be as few processes with full capabilities as possible. That is not the state currently, IIRC many services still run under full root even when they do not need to change users, access network, …
If only a few processes got e.g. cap_setuid, it would be far easier to check their behaviour.
(And yes, since capabilities are Linux-specific, this would be complicated)
@lanodan I guess that would need to be in userspace, though. IIRC the kernel does not have any idea of “appropriate runtime”, nor does it want to enforce particular choices… So maybe keep setuid(2), but allow restricting it to a specific process?
But yeah, having a single reusable implementation for “change the user in a sane way” (possibly in libc) would be so much better, not having to think about all the other nuances like saved UIDs, groups, environment, capabilities, … (This would probably help even setuid (u+s) programs be less bug-prone.)
(btw, the shell in /etc/passwd is IIRC completely unprivileged (tested with an interactive Python as a shell). And even so, some distributions will only allow login if using a shell from /etc/shells)
@lanodan@ocean What would be the issue with unencrypted /boot, if you authenticate and verify anything loaded from it? (e.g. having /boot be the EFI partition and booting from UKI verified by Secure Boot)
@lain At least these are regular words (they seem familiar to me). In Czechia these laws contain really weird words, so that it is even more unpleasant to read… (e.g. “zrušuje se” instead of the very common “ruší se”, meaning “is deleted”. One can guess that it means the same thing, it is in the same word family, but still…)
@lanodan@ada I checked RFC 5321 and there should only be one or three colons after IPv6 (i.e. either [IPv6:0:0:…] or [IPv6:::1]). The initial colon is the separator of the address type and the actual address.
Then my Postfix accepts it and says there is no such user (obviously); before, it was bad syntax.
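The colon counting from the post above, as an added example (not part of the original post and not Postfix's parser): an RFC 5321 address literal is split at the first colon into tag and address, so an address starting with `::` yields three colons after the tag. Python's `ipaddress` module stands in here for the RFC's IPv6 grammar, and the function names and sample literals are constructed for illustration.

```python
import ipaddress


def parse_address_literal(literal: str):
    """Parse an RFC 5321 address literal such as "[IPv6:::1]" or "[192.0.2.1]".

    Returns an ipaddress object, or raises ValueError for anything else.
    """
    if len(literal) < 2 or literal[0] != "[" or literal[-1] != "]":
        raise ValueError("address literal must be enclosed in [ ]")
    body = literal[1:-1]
    # The first colon separates the address-type tag from the address itself.
    tag, sep, rest = body.partition(":")
    if not sep:
        # No tag at all: only a dotted-quad IPv4 literal is allowed untagged.
        return ipaddress.IPv4Address(body)
    if tag.lower() != "ipv6":
        # Covers "[::1]" (empty tag) and unknown tags alike.
        raise ValueError(f"unsupported or missing address tag: {tag!r}")
    if "%" in rest:
        # ipaddress accepts zone IDs (fe80::1%eth0); the mail syntax does not.
        raise ValueError("zone identifiers are not valid in a mail address literal")
    return ipaddress.IPv6Address(rest)


def is_valid(literal: str) -> bool:
    try:
        parse_address_literal(literal)
        return True
    except ValueError:  # ipaddress.AddressValueError is a subclass
        return False


# Constructed sample literals, not taken from any mail log.
SAMPLES = [
    "[IPv6:2001:db8::1]",  # one colon after the tag
    "[IPv6:::1]",          # three colons: separator + leading "::"
    "[IPv6::1]",           # two colons: address would be ":1", invalid
    "[::1]",               # tag missing entirely
    "[192.0.2.1]",         # IPv4 needs no tag
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:22} {'ok' if is_valid(s) else 'rejected'}")
```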
@coolboymew I ended up either using a chat with myself to send the files, or a local HTTP server (usually python3 -m http.server) and using a web browser. Or, when I could, just uploading it to a microSD card and putting that in the phone.
I usually fall back to these ancient methods quite fast. They may not be the most comfortable, but they seem to be working reasonably often…
LEdoian here. I break/(ab)use computers. If there is a weird command I can run to break something, I will gladly run it. (I especially like git, systemd and fd.o standards.)
Proud admin of my #Pleroma instance and sysadmin in general. I also know some stuff about computer networks.
Grammatical gender: Masculine (He/His)
Account is locked to deter bots and weird corporate accounts. I accept follows from random people if their account seems to be marginally legit (=human-like), I just don't want to be scraped (except for the public posts maybe).